CVE-2026-1448

Severity CVSS v4.0:

HIGH

Type:

CWE-77 Command Injection

Publication date:

27/01/2026

Last modified:

27/01/2026

Description

A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P CVSS v4.0 Severity and Metrics:

Base Score: 7.30 HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): High
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None
Exploit Maturity (E): POC

Base Score 4.0

7.30

Severity 4.0

HIGH

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.20 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

7.20

Severity 3.x

HIGH

Vector 2.0

AV:N/AC:L/Au:M/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 8.30 HIGH
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): Multiple
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

8.30

Severity 2.0

HIGH

CVE-2026-1448

Description

Impact

References to Advisories, Solutions, and Tools